3348 matches found

Cvelist
added 2018/12/21 9:0 a.m. · 23 views

CVE-2018-20332

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Reading of arbitrary files is possible with /file?action=download&file= followed by a full pathname, and listing of arbitrary directories is possible with /file?action=download&dir= followed by a full...

AI score 7.5 · EPSS 0.02225
Exploits: 1 · References: 2

CVE
added 2018/12/21 9:0 a.m. · 44 views

CVE-2018-20332

CVE-2018-20332 affects the OpenWebif plugin (versions up to 1.2.4) on Enigma2-based devices. The issue enables reading of arbitrary files and listing of arbitrary directories via /file?action=download&file=... and /file?action=download&dir=..., related to plugin/controllers/file.py in the e2openp...

CVSS 7.5 · AI score 7.5 · EPSS 0.02225
Exploits: 1 · References: 2 · Affected Software: 1

Prion
added 2018/12/20 3:29 p.m. · 21 views

Xxe

Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity XXE vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. This vulnerability appears to have...

CVSS 6.4 · AI score 9.1 · EPSS 0.02152
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2018/12/20 3:29 p.m. · 1 view

UBUNTU-CVE-2018-1000840

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity XXE vulnerability in loadXML function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use...

CVSS 6.5 · AI score 6.7 · EPSS 0.02177
Exploits: 1 · References: 4

CNVD
added 2018/12/17 12:0 a.m. · 6 views

OpenRefine XML External Entity Injection Vulnerability

OpenRefine is a standalone open source desktop application for data cleaning and converting data to other formats. An XML External Entity Injection XXE vulnerability exists in the data import function in OpenRefine versions 3.1 and earlier. The vulnerability can be exploited to read arbitrary fil...

CVSS 7.5 · AI score 7 · EPSS 0.01738
Exploits: 1 · References: 1

OSV
added 2018/12/13 7:29 p.m. · 29 views

CVE-2018-19039

Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions...

CVSS 6.5 · AI score 6.5 · EPSS 0.0728
Exploits: 0 · References: 7

CNVD
added 2018/12/01 12:0 a.m. · 2 views

Qibo CMS station system V7.0 backend file reading vulnerability

Qibo CMS station system is a Guangzhou Qibo Network Technology Co. Qibo CMS system V7.0 backend file reading vulnerability exists. The vulnerability is due to the failure of the user to submit a special string of processing, resulting in directory traversal, an attacker can use the vulnerabilit...

AI score 6.7
Exploits: 0

Cvelist
added 2018/11/30 6:0 p.m. · 19 views

CVE-2018-18983

VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file which is already in memory into another heap-based buffer, which may cause the program to crash or allow remote code execution...

AI score 8.9 · EPSS 0.02851
Exploits: 0 · References: 2

Prion
added 2018/11/29 9:29 p.m. · 16 views

Directory traversal

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded note that base64 encoding, instead of URL encoding, is very rare in a...

CVSS 5 · AI score 7.5 · EPSS 0.02024
Exploits: 1 · References: 2 · Affected Software: 1

GitLab Advisory Database
added 2018/11/22 12:0 a.m. · 16 views

Improper Authentication

In PHP Proxy, any user can read files from the server without authentication...

CVSS 7.5 · AI score 3.2 · EPSS 0.32885
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2018/11/17 2:0 p.m. · 204 views

CVE-2018-19326

Affected product: Zyxel VMG1312-B10D gateways. Vulnerability: Local File Inclusion via directory traversal ("../" sequences) that allows reading arbitrary files (e.g., /etc/passwd). Root cause / detail: The connected nuclei template confirms a susceptible firmware path: version 5.13AAXA.8-C0 befo...

CVSS 7.5 · AI score 7.7 · EPSS 0.08178
Exploits: 1 · References: 1 · Affected Software: 1

exploitpack
added 2018/11/05 12:0 a.m. · 18 views

PHP Proxy 3.0.3 - Local File Inclusion

PHP Proxy 3.0.3 - Local File Inclusion Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion Date: 04.11.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.php-proxy.com/ Software Link: https://github.com/Athlon1600/php-proxy-app Version:...

AI score 7.4
Exploits: 0

UbuntuCve
added 2018/10/29 12:29 p.m. · 25 views

CVE-2018-18778

ACME minihttpd before 1.30 lets remote users read arbitrary files...

CVSS 6.5 · AI score 6.9 · EPSS 0.74036
Exploits: 0 · References: 3

OSV
added 2018/10/19 10:29 p.m. · 3 views

CVE-2018-18223

Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash...

CVSS 8.1 · AI score 5.8 · EPSS 0.02163
Exploits: 0 · References: 3

NVD
added 2018/10/19 10:29 p.m. · 25 views

CVE-2018-18224

A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information...

CVSS 8.1 · AI score 7.7 · EPSS 0.02163
Exploits: 0 · References: 3

Prion
added 2018/10/19 10:29 p.m. · 20 views

Design/Logic Flaw

A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information...

CVSS 5.8 · AI score 8.2 · EPSS 0.02163
Exploits: 0 · References: 3 · Affected Software: 2

Cvelist
added 2018/10/19 10:0 p.m. · 26 views

CVE-2018-18224

A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information...

AI score 7.7 · EPSS 0.02163
Exploits: 0 · References: 3

CVE
added 2018/10/19 10:0 p.m. · 60 views

CVE-2018-18224

CVE-2018-18224 affects Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms, enabling reading past/before buffer boundaries and potential information leakage or crashes. Connected IBM docs tie this to Rational DOORS Next Generation versions and provide a remediation: upgrade Rat...

CVSS 8.1 · AI score 7.6 · EPSS 0.02163
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2018/10/12 12:0 a.m. · 5 views

PT-2018-1746 · D Link · Dwr-116 +7

Name of the Vulnerable Software and Affected Versions: D-Link DWR-116 versions 1.06 and earlier D-Link DIR-140L versions 1.02 and earlier D-Link DIR-640L versions 1.02 and earlier D-Link DWR-512 versions 2.02 and earlier D-Link DWR-712 versions 2.02 and earlier D-Link DWR-912 versions 2.02 and...

CVSS 7.8 · AI score 7.4 · EPSS 0.40137
Exploits: 8 · References: 6

NVD
added 2018/10/05 1:29 p.m. · 12 views

CVE-2018-1723

IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373...

CVSS 6.2 · AI score 6 · EPSS 0.00415
Exploits: 0 · References: 3